Privilege Escalation

The application is vulnerable to privilege escalation. Because the application performs improper authorization checks, an attacker is able to manipulate a parameter and increase their privilege level. Escalated privileges allow an attacker to gain access to sensitive information or functionality within the application that would otherwise be restricted.

Impact

An attacker can manipulate the values of a parameter in order to bypass authorization rules and gain access to sensitive data or to perform restricted functions. An attacker who horizontally escalates privileges gains the authorization level of a similarly configured role, which may expose the personal data of other users. An attacker who vertically escalates privileges obtains the authorization level of a higher-level user such as an administrator. This may allow the attacker to perform prohibited operations such as changing configuration settings.
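The following is an added example, not code from the original page, showing both escalation paths described above in a small in-memory web application. The user records, session store, settings dictionary and request shape are constructed for illustration. The vulnerable handlers take the target user and the role from client-supplied parameters; the hardened handlers derive both identity and role from server-side session state and compare the requested target against the caller.

```python
"""Vulnerable and hardened authorization checks (added example, constructed data)."""
from __future__ import annotations

# Constructed sample data: user records, a server-side session store, and settings.
USERS = {
    "alice": {"role": "user", "email": "alice@example.invalid"},
    "bob": {"role": "user", "email": "bob@example.invalid"},
    "carol": {"role": "admin", "email": "carol@example.invalid"},
}
SESSIONS = {"sess-alice": "alice", "sess-bob": "bob", "sess-carol": "carol"}
SETTINGS = {"maintenance_mode": False}


class AuthorizationError(Exception):
    """Raised when the caller is not allowed to perform the requested action."""


def _session_user(request):
    """Resolve the authenticated user from the server-side session store only."""
    user = SESSIONS.get(request.get("session", ""))
    if user is None:
        raise AuthorizationError("not authenticated")
    return user


# --- Vulnerable handlers: authorization decisions trust client-supplied parameters ---

def get_email_vulnerable(request):
    """Horizontal escalation: any authenticated caller can read any profile
    simply by changing the 'user' parameter; the target is never compared
    to the session identity."""
    _session_user(request)
    target = request["params"]["user"]
    return USERS[target]["email"]


def set_maintenance_vulnerable(request, enabled):
    """Vertical escalation: the 'role' parameter is trusted instead of the
    role stored for the authenticated user."""
    _session_user(request)
    if request["params"].get("role") != "admin":
        raise AuthorizationError("admin only")
    SETTINGS["maintenance_mode"] = enabled
    return SETTINGS["maintenance_mode"]


# --- Hardened handlers: identity and role come only from server-side state ---

def get_email_hardened(request):
    """Allow a user to read their own profile; only stored admins may read others."""
    caller = _session_user(request)
    target = request["params"]["user"]
    if target != caller and USERS[caller]["role"] != "admin":
        raise AuthorizationError("cannot read another user's profile")
    return USERS[target]["email"]


def set_maintenance_hardened(request, enabled):
    """Require the stored role of the session's user to be 'admin'."""
    caller = _session_user(request)
    if USERS[caller]["role"] != "admin":
        raise AuthorizationError("admin only")
    SETTINGS["maintenance_mode"] = enabled
    return SETTINGS["maintenance_mode"]


def is_denied(handler, *args):
    """Return True when the handler refuses the request with AuthorizationError."""
    try:
        handler(*args)
    except AuthorizationError:
        return True
    return False


if __name__ == "__main__":
    # Bob (a normal user) requesting Alice's profile and an admin-only setting.
    bob_reads_alice = {"session": "sess-bob", "params": {"user": "alice"}}
    bob_claims_admin = {"session": "sess-bob", "params": {"role": "admin"}}
    print("vulnerable horizontal:", get_email_vulnerable(bob_reads_alice))
    print("hardened horizontal denied:", is_denied(get_email_hardened, bob_reads_alice))
    print("vulnerable vertical:", set_maintenance_vulnerable(bob_claims_admin, True))
    print("hardened vertical denied:", is_denied(set_maintenance_hardened, bob_claims_admin, True))
```

The hardened handlers never consult the request for a role or assume the requested resource belongs to the caller; the parameter remains purely a selector and the policy decision is made against server-held data.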

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References
